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1 DETAILED ACTION 

2 

3 This action is in response to the communication filed on 12/1 1/2005. 

4 

5 All objections and rejections not set forth below have been withdrawn. 

6 

7 

8 Claim Rejections - 35 USC §112 

9 

10 The following is a quotation of the second paragraph of 35 U.S.C. 112: 

1 1 The specification shall conclude with one or more claims particularly pointing out and distinctly 

1 2 claiming the subject matter which the applicant regards as his invention. 

13 

14 Claims 1, 6 - 8, 13, 14, and 19 - 29 are rejected under 35 U.S.C. 112, second 

1 5 paragraph, as being indefinite for failing to particularly point out and distinctly 

16 claim the subject matter which applicant regards as the invention. 

17 

18 Claim 1 recites the added limitation "the second key" in line 26. There is 

1 9 insufficient antecedent basis for this limitation in the claim. For the purpose of 

20 examination the examiner will presume the applicant to mean "the second password". 
21 

22 Similar to claim 1, claims 8 and 14 each recites the added limitation "the second 

23 key" within. There is insufficient antecedent basis for this limitation in these claims. For 
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1 the purpose of examination the examiner will presume the applicant to mean "the 

2 second password". 
3 



4 Claim 13 depends upon the canceled claim 12. There is insufficient antecedent 

5 basis for claim 13. 
6 

7 All other depending claims have been rejected by virtue of their dependency. 

8 

9 

1 0 Claim Rejections - 35 USC § 103 

11 

12 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

1 3 obviousness rejections set forth in this Office action: 

14 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

1 5 forth in section 102 of this title, if the differences between the subject matter sought to be patented and 

1 6 the prior art are such that the subject matter as a whole would have been obvious at the time the 

1 7 invention was made to a person having ordinary skill in the art to which said subject matter pertains. 

1 8 Patentability shall not be negatived by the manner in which the invention was made. 
19 

20 

21 Claims 1, 6, 7, 8, 14, 19, 20, and 22 are rejected under 35 U.S.C. 103(a) as 

22 being unpatentable over Al-Salqan, "Method and Apparatus for Encoding Keys", 

23 U.S. Patent, 6,549,626 in view of Hosokawa, "Internet Broadcast Billing System", 

24 U.S. Patent Publication, 2001/0023416 A1. 



25 

26 Regarding claim 1, Al-Salqan discloses: 
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receiving, at a security module, a first password corresponding a software 



2 



application (Al-Salqan, col. 2, lines 12-28, 49-63; fig. 2, elem. 204); generating, at a 



3 security module, a first mask value based on the first password (Al-Salqan, col. 4, lines 

4 29-46; fig. 2); combining, at a security module, the first mask value with a first 

5 encryption key (Al-Salqan, col. 4, lines 49-52; fig. 2); 



7 that is associated with the security module, the encrypting resulting in an encrypted tied 

8 key (Al-Salqan, fig. 2). Furthermore, the applicant is kindly reminded of the evidence 

9 submitted by the applicants representative, admitting to the Prior Art's (Al-Salqan) 
10 teachings ("Prior Art Flow Diagram", Telephonic Interview, 11/15/05). 



12 elem. 246). Al-Salqan discloses the returning of the encrypted tied key to what is 

13 termed the "user". Clear to those of ordinary skill in the art, the term "user" is a 

14 reference to a user employing a computer-implemented application, an interface to the 

1 5 security module. For understanding of such, the applicant's representative is 

16 respectfully invited to consider the Applicant's own disclosure of the prior art, which 

1 7 evidences that which was clear to those having knowledge of technology (Spec. pg. 1 , 

18 lines 16-17, 22-24; pg. 2, line 27 - pg. 3, line 2). Herein, the Applicants clearly equate, 

19 viewing as interchangeable, a customer (a "human") with an application, meaning, more 

20 specifically, that a human does not interact with the computer system as he/she would 

21 interact with another human, but instead, interacts with the computer system via an 

22 application. Thus, when one of ordinary skill in the art refers to a "customer" as using 



6 



encrypting, at the security module, the tied key using a second encryption key 



returning the encrypted tied key to the software application (Al-Salqan, fig. 2, 
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1 an encryption key within a computer system, in actuality, that one is appropriately and 

2 reasonably referring to an "application" in employment by a user. Al-Salqan discloses a 

3 computer software security module as outputting an electronic key to a "user" via an 

4 output (fig. 2, elem. 246). Truly, one of ordinary skill in the art would believe as absurd 

5 the thought that Al-Salqan was actually implying a direct interaction between the 

6 software and human, such as the dropping of digital data bits into the palm of a the 

7 user's hand. No indeed, Al-Salqan is merely describing technology in harmony with the 

8 understanding of those having technical knowledge, and in a manner similar to the 

9 applicant's themselves. In accordance, Al-Salqan discloses a complete computer 

10 system comprising hardware and software for implementing both a security module and 

1 1 software means for a user to interact with and employ the security module (Al-Salqan, 

12 col. 3, lines 16-52). 

1 3 determining, at the software application, that the encrypted tied key corresponds 

14 to the security module; in response to the determining, sending the encrypted tied key 

1 5 and a second password form the software application to the security module over a 

1 6 computer network, the second password being the same as the first password (Al- 

17 Salqan, fig. 3, elems. 302,306). Herein, Al-Salqan discloses the transmission of a 

18 encrypted tied key and password within an interconnected group of computing 

19 elements. The examiner would like to point out that the limitation determining, at the 

20 software application, claimed within a method comprising steps, does not indicate who 

21 or what does the determining and how such a determination is conducted. 

22 Furthermore, the examiner takes note that the claim vaguely claims a correspondence 
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1 between a key and module, but provides no indication of what comprises the 

2 correspondence. Al-Salqan discloses the above limitations, as the correct password 

3 and a corresponding tied key of a user is passed to the security module via the software 

4 means for enabling such interaction between the user and security module (Al-Salqan, 

5 col. 3, lines 16-52). 

6 receiving, at the security module, the encrypted tied key and the second 

7 password from the software application; in response to receiving the encrypted tied key 

8 and the second password, combining, at the security module, the encrypted tied key 

9 and the second key, the combining resulting in a recovered tied key (Al-Salqan, fig. 3). 

1 0 Furthermore, the applicant is kindly reminded of the evidence submitted by the 

1 1 applicant's representative, admitting to the Prior Art's (Al-Salqan) teachings ("Prior Art 

1 2 Flow Diagram", Telephonic Interview, 1 1/1 5/05). 

1 3 generating a second mask value based on the second password (Al-Salqan, col. 

14 4, lines 29-46; fig. 3). Furthermore, the applicant is kindly reminded of the evidence 

1 5 submitted by the applicant's representative, admitting to the Prior Art's (Al-Salqan) 

16 teachings ("Prior Art Flow Diagram", Telephonic Interview, 11/15/05); 

1 7 separating a recovered encryption key from the recovered tied key using the 

18 second mask value (Al-Salqan, col. 7, lines 45-49; fig. 3). Furthermore, the applicant is 

19 kindly reminded of the evidence submitted by the applicant's representative, admitting 

20 to the Prior Art's (Al-Salqan) teaching of the recovery of an recovered encryption key 

21 from the recovered tied key ("Prior Art Flow Diagram", Telephonic Interview, 1 1/15/05). 



Application/Control Number: 10/099,779 Page 7 

Art Unit: 2137 

1 and encrypting data provided by the software application using the recovered 

2 generated key (Al-Salqan, Abstract, lines 1-3; col. 1 , lines 21-28; col. 7, lines 48,49; col. 

3 3, lines 52-56). First, regarding the limitation "provided by the software application", the 

4 examiner notes that such is descriptive language describing data. This has added no 

5 further structure to the claim, the data itself being non-functional descriptive material. 

6 Additionally, the examiner points out that the above-mentioned limitation provides no 

7 indication as to how the software provides data to be encrypted or to what or whom the 

8 software provides the data to be encrypted. Al-Salqan discloses the encryption of 

9 symmetric encryption keys. Al-Salqan discloses that keys, when they are requested 

10 and obtained by the user, are used to encrypt data (Al-Salqan, col. 3, lines 55-57; col. 7, 

1 1 lines 48-49). When an encryption key becomes lost, an authorized user of the key may 

12 recover the key for use again (Al-Salqan, col. 1 , lines 61-65) Al-Salqan discloses that 

13 such symmetric encryption keys are used to encrypt and decrypt data, and for such, an 

14 application of software is used (Al-Salqan, col. 1, lines 61-65; col. 3, lines 16-52). 
15 

16 Al-Salqan discloses a system designed to ensure the secrecy of a data 

17 encryption key, such as a symmetric key. Secrecy is accomplished by encrypting the 

18 data encryption key. However, though Al-Salqan discloses enabling the secrecy of a 

19 symmetric data encryption key, it does not disclose the enabling of the authenticity of 

20 the key. Thus, Al-Salqan does not disclose wherein the first "encryption key" is derived 

21 from a generated key and a known value the combining resulting a tied key or that the 
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1 recovered "encryption key" includes a recovered generated key and a recovered known 

2 value. 

3 Hosokawa discloses a method for the verification of the authenticity of a data- 

4 encryption key, the method being performed "as a security measure" (Hosokawa, par 

5 37). This "security measure" of ensuring authenticity is additional to the security 

6 measure of ensuring secrecy - encrypting the data encryption key. The method 

7 comprises the creation of a "tied key", or an "encryption key" derived from a generated 

8 key and a known value (Hosokawa, par. 32, lines 8-12; par. 33, lines 1-5; par. 37, lines 

9 11-13; par. 44, lines 11-18). Hosokawa attaches a "known value", a digital signature, to 

10 generated key, and thereby creates a "tied key". After the "tied key" is decrypted, the 

1 1 attached digital signature is compared to an authentic digital signature so as to verify 

12 the authenticity of the generated key. If authentic, the generated key is used for 

13 encrypting data. Thus, Hosokawa discloses a method usable to verify the authenticity 

14 of an encryption key, the method ensuring a measure of security. 

1 5 It would have been obvious to one of ordinary skill in the art to combine the 

16 method of Hosokawa with the system of Al-Salqan. This would have been obvious 

17 because one of ordinary skill in the art would have been motivated to enhance the 

1 8 security of the system of Al-Salqan, by not only enabling the secrecy of the data 

19 encryption key, but also the authentication of the data encryption key. Thus, a more 

20 secure system is provided. 
21 

22 Regarding claim 6, the combination of Al-Salqan and Hosokawa disclose: 
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1 determining whether the recovered known value is correct; and processing a 

2 data file based on the determination (Hosokawa, col. 2, pars. 32, 33; Al-Salqan, 

3 Abstract, lines 1-3; col. 7, lines 37-49; col. 3, lines 52-56). 
4 

5 Regarding claim 7, the combination of Al-Salqan and Hosokawa disclose: 

6 wherein the processing is selected from the group consisting of encrypting the 

7 data file using the recovered generated key and decrypting the data file using the 

8 recovered generated key (Al-Salqan, Abstract, lines 1-3; col. 7, lines 37-49; col. 3, lines 

9 52-56). 
10 

11 Regarding claim 22, the combination of Al-Salqan and Hosokawa disclose: 

1 2 wherein the generated key is at a level of security corresponding to a sensitivity 

13 level of the data being encrypted (Hosokawa, par. 41). The combination of Al-Salqan 

14 and Hosokawa disclose that the key is appropriately used for securing data, thus the 

15 key is at a level of security suitable for securing sensitive data. 
16 



17 Regarding claims 8, 14, 19, and 20, they are the system means and computer 

1 8 program product claims implementing the method of claims 1 , 6, and 7, and they are 

19 rejected, at least, for the same reasons. Further, regarding claim 8 specifically, it is 

20 rejected because the combination of Al-Salqan and Hosokawa disclose: 

21 one or more processors; a memory accessible by the processors; one or more 

22 nonvolatile storage devices accessible by the processors; a hardware security module 
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1 accessible by the processors; a data security tool for securing data using the hardware 

2 security module (Al-Salqan, figs. 1, 2; col. 3, lines 16-45). 
3 

4 Claims 21, 23, 24, 26, 27, and 29 are rejected under 35 U.S.C. 103(a) as 

5 being unpatentable over the combination of Al-Salqan and Hosokawa in view of 

6 the Applicant's Admitted Prior Art. 

7 

8 Regarding claims 21 and 23, the combination of Al-Salqan and Hosokawa does 

9 not disclose wherein the security module is a separate hardware security module and 

1 0 wherein encrypting the data is performed within the security module. However, it would 

1 1 have been logical to one of ordinary skill in the art employ a security module to provide 

12 security to data. Furthermore, it would have been logical to one of ordinary skill in the 

13 art to utilize hardware versus software, as hardware is known to provide advantages in 

14 security and performance. The applicants, themselves, attest to the above facts in their 

15 disclosure of the known prior art. The applicants have admitted that prior art comprises 

16 the use of hardware security modules and that the hardware security modules are 

17 useable for encrypting data that a user desires to be secured (Spec, page 2, pars. 1 - 

18 3). 

19 It would have been obvious to one of ordinary skill in the art to employ the prior 

20 art teachings disclosed by the Applicants within the combination of Al-Salqan and 

21 Hosokawa. This would have been obvious because one of ordinary skill in the art would 
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1 have been motivated to employ methods that are logical and have been known to be 

2 feasible in prior art technology. 
3 

4 Regarding claims 24, 26, 27, and 29, they are the system means and computer 

5 program product claims implementing the method of claims 21 and 23, and they are 

6 rejected, at least, for the same reasons. 
7 

8 

9 Response to Arguments 

10 

1 1 Applicant's arguments filed 12/1 1/05 have been fully considered but they are not 

12 persuasive. 
13 

14 The applicant's representative argues primarily that: 
15 

16 I. As discussed with the Examiner, Applicants have amended the independent 

17 claims to include the limitations of original claims 2-5 (Remarks, pg. 4, par. 4). 

18 The examiner would like to respectfully point out that the applicant's 

19 representative is mistaken. While the added limitations to the amended claims 1, 8, and 

20 14 bear a semblance to the limitations found within the original claims of 2 - 5, a 

21 comparison of the newly added limitations to the original limitations reveals that the 

22 newly added limitations are not the same limitations found within the original claims. 
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1 Thus, the newly added limitations to the independent claims 1, 8, and 14 comprise 

2 limitations that have not been previously considered in the prior office action. 
3 

4 II. First, Applicants claim "receiving, at security module, a first password 

5 corresponding to a software application. " Al-Salqan's passwords do not correspond to a 

6 software application (Remarks, pg. 6, par. 2). 

7 In response, the examiner asserts that Al-Salqan teaches software employed by 

8 user to provision a password and a password that has been provisioned by software 

9 (refer to the discussion respecting the rejection of claim 1). Naturally, a correspondence 

10 exists between a provisioned password and password provisioning software simply by 

1 1 virtue of the provisioning. The examiner respectfully points out that if the applicant's 

12 representative desires to argue a more specific type of correspondence, then such a 

13 particular type of correspondence should be claimed - as opposed to nebulously 

14 claiming "corresponding". 
15 

16 III. Second, Applicant's claim "returning the encrypted tied key to the software 

17 application "... 

18 As can be seen from the above excerpt, Al-Salqan teaches passing the 

1 9 encrypted key to a storage area or to a user for storage elsewhere. As such, Al-Salqan 

20 never teaches or suggests a software application ... (Remarks, pg. 7). 

21 In response the examiner respectfully asserts that the applicant's representative 

22 is mistaken and has mischaracterized the prior art. The examiner affirms, as is 
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1 explained in the rejection of claims 1 , 8, and 14, that Al-Salqan discloses software for 

2 implementing a security module as well as software for enabling a user (human) to 

3 interact with the security module. Such an interface exists, as a human does not 

4 interact with a software security module directly. Naturally the inputs and outputs of the 

5 security module (Al-Salqan, figs. 2, 3) do not connect directly to a human (i.e. electronic 

6 data bits dropped into the palm of a user's hand). The examiner finds the argument of 

7 the applicant's representative (namely, there does not exist an application of software 

8 between a user and the security module) to be unpersuasive. 

9 Furthermore, it is interesting to note, that the applicant's themselves, similar to 

10 Al-Salqan, interchangeably use terms referring to humans when describing the 

1 1 interaction between an application of software and a security module (Spec, pg. 2, par. 

1 2 4). Thus, the examiner finds the arguments of the applicant's representative to be 

1 3 inconsistent with the applicant's disclosure. 
14 

1 5 IV. Third, Applicants claim "encrypting data provided by the software application 

1 6 using the recovered generated key. " Since Applicants' claim 1 should be viewed as a 

1 7 whole, the software application provides passwords, receives the encrypted tied key, 

1 8 and provides data to be encrypted by the security module. Al-Salqan never teaches or 

1 9 suggests a software application performing these limitations while interacting with the 

20 security module as claimed by Applicants (Remarks, pg. 8, par. 1). 

21 In response to applicant's argument that the references fail to show certain 

22 features of applicant's invention, it is noted that the features upon which applicant relies 
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1 (i.e. , the software application provides passwords, receives the encrypted tied key, and 

2 provides data to be encrypted by the security module) are not recited in the rejected 

3 claim(s). Although the claims are interpreted in light of the specification, limitations from 

4 the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 

5 USPQ2d 1057 (Fed. Cir. 1993). 
6 

7 
8 

9 Conclusion 

10 

1 1 Applicant's amendment necessitated the new ground(s) of rejection presented in 

12 this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

1 3 § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 

14 CFR 1.136(a). 

1 5 A shortened statutory period for reply to this final action is set to expire THREE 

1 6 MONTHS from the mailing date of this action. In the event a first reply is filed within 

1 7 TWO MONTHS of the mailing date of this final action and the advisory action is not 

1 8 mailed until after the end of the THREE-MONTH shortened statutory period, then the 

19 shortened statutory period will expire on the date the advisory action is mailed, and any 

20 extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 

21 the advisory action. In no event, however, will the statutory period for reply expire later 

22 than SIX MONTHS from the date of this final action. 
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1 

2 Any inquiry concerning this communication or earlier communications from the 

3 examiner should be directed to Jeffery Williams whose telephone number is (571 ) 272- 

4 7965. The examiner can normally be reached on 8:30-5:00. 

5 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

6 supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 

7 number for the organization where this application or proceeding is assigned is 571- 

8 273-8300. 

9 Information regarding the status of an application may be obtained from the 

10 Patent Application Information Retrieval (PAIR) system. Status information for 

1 1 published applications may be obtained from either Private PAIR or Public PAIR. 

12 Status information for unpublished applications is available through Private PAIR only. 

13 For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

14 you have questions on access to the Private PAIR system, contact the Electronic 

15 Business Center (EBC) at 866-217-9197 (toll-free). 
16 

SUPERVISORY PATENT EXAMINER 



17 Jeffery Williams 

18 All: 2137 




